Rules actions that add new field collection items to a node fail to work when Node access user reference is enabled. The items aren't added, and there's a message saying "Access violation! You have insufficient access permissions to edit this configuration.".

The acting user is the owner of the node, and is even allowed to edit all nodes of that type. Node access user reference is not used on any field (not on that node type, nor any other). There are entity reference fields on the site (but no user reference fields).

Proposed resolution

Find out what is causing this problem.

Remaining tasks

User interface changes

API changes


Itangalo’s picture

I get the same result when using the Content Access module. So this is probably something related to Field collection.

I'm continuing the investigation.

Itangalo’s picture

Status: Active » Closed (duplicate)

Ok, I am now pretty certain that this is caused by Rules in some way. When executing a Rules component, Rules checks if the acting user has permissions to edit the used component (for some non-trivial meaning of 'edit'). If not, the user can't execute that component (unless permissions are explicitly set otherwise).

These issues helped me in my digging:
#1301940: Permissions required to perform action?
#1217128: limiting Rules components to specific permissions

I'm opening a new issue over at Rules, to discuss the unexpected effect of access modules.

Itangalo’s picture